// Do not load FS ...
$RUNTIME_NOSETUPFS = true;
-require_once('../../lib/base.php');
-
-require_once('../../lib/user.php');
-require_once('../../lib/public/user.php');
-
-require_once('../../lib/app.php');
-require_once('../../lib/public/app.php');
-
-require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
-require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
-require_once('../../lib/connector/sabre/auth.php');
-
OCP\App::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
require_once('lib_remoteStorage.php');
require_once('oauth_ro_auth.php');
#ini_set('error_reporting', '');
@ob_clean();
-$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
-$pathParts = explode('/', $path);
-
-if(count($pathParts) == 2 && $pathParts[0] == '') {
- //TODO: input checking. these explodes may fail to produces the desired arrays:
- $subPathParts = explode('?', $pathParts[1]);
- $ownCloudUser = $subPathParts[0];
- foreach($_GET as $k => $v) {
- if($k=='user_address'){
- $userAddress=$v;
- } else if($k=='redirect_uri'){
- $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
- } else if($k=='scope'){
- $categories=$v;
- }
- }
- $currUser = OCP\USER::getUser();
- if($currUser == $ownCloudUser) {
- if(isset($_POST['allow'])) {
- //TODO: check if this can be faked by editing the cookie in firebug!
- $token=OC_remoteStorage::createCategories($appUrl, $categories);
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
- } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
- } else {
+foreach($_GET as $k => $v) {
+ if($k=='userid'){
+ $userId=$v;
+ } else if($k=='redirect_uri'){
+ $appUrlParts=explode('/', $v);
+ $appUrl = $appUrlParts[2];//bit dodgy i guess
+ } else if($k=='scope'){
+ $categories=$v;
+ }
+}
+$currUser = OCP\USER::getUser();
+if($userId && $appUrl && $categories) {
+ if($currUser == $userId) {
+ if(isset($_POST['allow'])) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_remoteStorage::createCategories($appUrl, $categories);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+ } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
+ } else {
+ //params ok, logged in ok, but need to click Allow still:
?>
<!DOCTYPE html>
<html>
</body>
</html>
<?php
- }
- } else {
- if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
- $url = "https://";
- } else {
- $url = "http://";
- }
- $url .= $_SERVER['SERVER_NAME'];
- $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+ }//end 'need to click Allow still'
+ } else {//login not ok
if($currUser) {
- die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
+ die('You are logged in as '.$currUser.' instead of '.$userId);
} else {
header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
}
}
-} else {
- //die('please use auth.php/username?params. '.var_export($pathParts, true));
- die('please use auth.php/username?params.');
+} else {//params not ok
+ die('please use e.g. /?app=remoteStorage&getfile=auth.php&userid=admin');
}
projects / nextcloud-server.git / commitdiff